/*
 * Internal WPA/RSN supplicant state machine definitions
 * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef WPA_I_H
#define WPA_I_H

#include "utils/list.h"

struct wpa_peerkey;
struct wpa_tdls_peer;
struct wpa_eapol_key;

/**
 * struct wpa_sm - Internal WPA state machine data
 */
struct wpa_sm {
	u8 pmk[PMK_LEN];
	size_t pmk_len;
	struct wpa_ptk ptk, tptk;
	int ptk_set, tptk_set;
	unsigned int msg_3_of_4_ok: 1;
	u8 snonce[WPA_NONCE_LEN];
	u8 anonce[WPA_NONCE_LEN];	/* ANonce from the last 1/4 msg */
	int renew_snonce;
	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
	int rx_replay_counter_set;
	u8 request_counter[WPA_REPLAY_COUNTER_LEN];

	struct eapol_sm *eapol;		/* EAPOL state machine from upper level code */

	struct rsn_pmksa_cache *pmksa;	/* PMKSA cache */
	struct rsn_pmksa_cache_entry *cur_pmksa;	/* current PMKSA entry */
	struct dl_list pmksa_candidates;

	struct l2_packet_data *l2_preauth;
	struct l2_packet_data *l2_preauth_br;
	struct l2_packet_data *l2_tdls;
	u8 preauth_bssid[ETH_ALEN];	/* current RSN pre-auth peer or
								 * 00:00:00:00:00:00 if no pre-auth is
								 * in progress */
	struct eapol_sm *preauth_eapol;

	struct wpa_sm_ctx *ctx;

	void *scard_ctx;			/* context for smartcard callbacks */
	int fast_reauth;			/* whether EAP fast re-authentication is enabled */

	void *network_ctx;
	int peerkey_enabled;
	int allowed_pairwise_cipher;	/* bitfield of WPA_CIPHER_* */
	int proactive_key_caching;
	int eap_workaround;
	void *eap_conf_ctx;
	u8 ssid[32];
	size_t ssid_len;
	int wpa_ptk_rekey;
	int p2p;

	u8 own_addr[ETH_ALEN];
	const char *ifname;
	const char *bridge_ifname;
	u8 bssid[ETH_ALEN];

	unsigned int dot11RSNAConfigPMKLifetime;
	unsigned int dot11RSNAConfigPMKReauthThreshold;
	unsigned int dot11RSNAConfigSATimeout;

	unsigned int dot11RSNA4WayHandshakeFailures;

	/* Selected configuration (based on Beacon/ProbeResp WPA IE) */
	unsigned int proto;
	unsigned int pairwise_cipher;
	unsigned int group_cipher;
	unsigned int key_mgmt;
	unsigned int mgmt_group_cipher;

	int rsn_enabled;			/* Whether RSN is enabled in configuration */
	int mfp;					/* 0 = disabled, 1 = optional, 2 = mandatory */

	u8 *assoc_wpa_ie;			/* Own WPA/RSN IE from (Re)AssocReq */
	size_t assoc_wpa_ie_len;
	u8 *ap_wpa_ie, *ap_rsn_ie;
	size_t ap_wpa_ie_len, ap_rsn_ie_len;

#ifdef CONFIG_PEERKEY
	struct wpa_peerkey *peerkey;
#endif							/* CONFIG_PEERKEY */
#ifdef CONFIG_TDLS
	struct wpa_tdls_peer *tdls;
	int tdls_prohibited;
	int tdls_chan_switch_prohibited;
	int tdls_disabled;

	/* The driver supports TDLS */
	int tdls_supported;

	/*
	 * The driver requires explicit discovery/setup/teardown frames sent
	 * to it via tdls_mgmt.
	 */
	int tdls_external_setup;

	/* The driver supports TDLS channel switching */
	int tdls_chan_switch;
#endif							/* CONFIG_TDLS */

#ifdef CONFIG_IEEE80211R
	u8 xxkey[PMK_LEN];			/* PSK or the second 256 bits of MSK */
	size_t xxkey_len;
	u8 pmk_r0[PMK_LEN];
	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
	u8 pmk_r1[PMK_LEN];
	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
	size_t r0kh_id_len;
	u8 r1kh_id[FT_R1KH_ID_LEN];
	int ft_completed;
	int over_the_ds_in_progress;
	u8 target_ap[ETH_ALEN];		/* over-the-DS target AP */
	int set_ptk_after_assoc;
	u8 mdie_ft_capab;			/* FT Capability and Policy from target AP MDIE */
	u8 *assoc_resp_ies;			/* MDIE and FTIE from (Re)Association Response */
	size_t assoc_resp_ies_len;
#endif							/* CONFIG_IEEE80211R */

#ifdef CONFIG_P2P
	u8 p2p_ip_addr[3 * 4];
#endif							/* CONFIG_P2P */
};

static inline void wpa_sm_set_state(struct wpa_sm *sm, enum wpa_states state)
{
	WPA_ASSERT(sm->ctx->set_state);
	sm->ctx->set_state(sm->ctx->ctx, state);
}

static inline enum wpa_states wpa_sm_get_state(struct wpa_sm *sm)
{
	WPA_ASSERT(sm->ctx->get_state);
	return sm->ctx->get_state(sm->ctx->ctx);
}

static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
{
	WPA_ASSERT(sm->ctx->deauthenticate);
	sm->ctx->deauthenticate(sm->ctx->ctx, reason_code);
}

static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg, const u8 *addr, int key_idx, int set_tx, const u8 *seq, size_t seq_len, const u8 *key, size_t key_len)
{
	WPA_ASSERT(sm->ctx->set_key);
	return sm->ctx->set_key(sm->ctx->ctx, alg, addr, key_idx, set_tx, seq, seq_len, key, key_len);
}

static inline void *wpa_sm_get_network_ctx(struct wpa_sm *sm)
{
	WPA_ASSERT(sm->ctx->get_network_ctx);
	return sm->ctx->get_network_ctx(sm->ctx->ctx);
}

static inline int wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
{
	WPA_ASSERT(sm->ctx->get_bssid);
	return sm->ctx->get_bssid(sm->ctx->ctx, bssid);
}

static inline int wpa_sm_ether_send(struct wpa_sm *sm, const u8 *dest, u16 proto, const u8 *buf, size_t len)
{
	WPA_ASSERT(sm->ctx->ether_send);
	return sm->ctx->ether_send(sm->ctx->ctx, dest, proto, buf, len);
}

static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm)
{
	WPA_ASSERT(sm->ctx->get_beacon_ie);
	return sm->ctx->get_beacon_ie(sm->ctx->ctx);
}

static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm)
{
	WPA_ASSERT(sm->ctx->cancel_auth_timeout);
	sm->ctx->cancel_auth_timeout(sm->ctx->ctx);
}

static inline u8 *wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type, const void *data, u16 data_len, size_t *msg_len, void **data_pos)
{
	WPA_ASSERT(sm->ctx->alloc_eapol);
	return sm->ctx->alloc_eapol(sm->ctx->ctx, type, data, data_len, msg_len, data_pos);
}

static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, const u8 *bssid, const u8 *pmkid)
{
	WPA_ASSERT(sm->ctx->add_pmkid);
	return sm->ctx->add_pmkid(sm->ctx->ctx, bssid, pmkid);
}

static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, const u8 *bssid, const u8 *pmkid)
{
	WPA_ASSERT(sm->ctx->remove_pmkid);
	return sm->ctx->remove_pmkid(sm->ctx->ctx, bssid, pmkid);
}

static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr, int protect_type, int key_type)
{
	WPA_ASSERT(sm->ctx->mlme_setprotection);
	return sm->ctx->mlme_setprotection(sm->ctx->ctx, addr, protect_type, key_type);
}

static inline int wpa_sm_update_ft_ies(struct wpa_sm *sm, const u8 *md, const u8 *ies, size_t ies_len)
{
	if (sm->ctx->update_ft_ies) {
		return sm->ctx->update_ft_ies(sm->ctx->ctx, md, ies, ies_len);
	}
	return -1;
}

static inline int wpa_sm_send_ft_action(struct wpa_sm *sm, u8 action, const u8 *target_ap, const u8 *ies, size_t ies_len)
{
	if (sm->ctx->send_ft_action) {
		return sm->ctx->send_ft_action(sm->ctx->ctx, action, target_ap, ies, ies_len);
	}
	return -1;
}

static inline int wpa_sm_mark_authenticated(struct wpa_sm *sm, const u8 *target_ap)
{
	if (sm->ctx->mark_authenticated) {
		return sm->ctx->mark_authenticated(sm->ctx->ctx, target_ap);
	}
	return -1;
}

static inline void wpa_sm_set_rekey_offload(struct wpa_sm *sm)
{
	if (!sm->ctx->set_rekey_offload) {
		return;
	}
	sm->ctx->set_rekey_offload(sm->ctx->ctx, sm->ptk.kek, sm->ptk.kek_len, sm->ptk.kck, sm->ptk.kck_len, sm->rx_replay_counter);
}

#ifdef CONFIG_TDLS
static inline int wpa_sm_tdls_get_capa(struct wpa_sm *sm, int *tdls_supported, int *tdls_ext_setup, int *tdls_chan_switch)
{
	if (sm->ctx->tdls_get_capa) {
		return sm->ctx->tdls_get_capa(sm->ctx->ctx, tdls_supported, tdls_ext_setup, tdls_chan_switch);
	}
	return -1;
}

static inline int wpa_sm_send_tdls_mgmt(struct wpa_sm *sm, const u8 *dst, u8 action_code, u8 dialog_token, u16 status_code, u32 peer_capab, int initiator, const u8 *buf, size_t len)
{
	if (sm->ctx->send_tdls_mgmt) {
		return sm->ctx->send_tdls_mgmt(sm->ctx->ctx, dst, action_code, dialog_token, status_code, peer_capab, initiator, buf, len);
	}
	return -1;
}

static inline int wpa_sm_tdls_oper(struct wpa_sm *sm, int oper, const u8 *peer)
{
	if (sm->ctx->tdls_oper) {
		return sm->ctx->tdls_oper(sm->ctx->ctx, oper, peer);
	}
	return -1;
}

static inline int wpa_sm_tdls_peer_addset(struct wpa_sm *sm, const u8 *addr, int add, u16 aid, u16 capability, const u8 *supp_rates, size_t supp_rates_len, const struct ieee80211_ht_capabilities *ht_capab, const struct ieee80211_vht_capabilities *vht_capab, u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len, const u8 *supp_channels, size_t supp_channels_len, const u8 *supp_oper_classes, size_t supp_oper_classes_len)
{
	if (sm->ctx->tdls_peer_addset) {
		return sm->ctx->tdls_peer_addset(sm->ctx->ctx, addr, add, aid, capability, supp_rates, supp_rates_len, ht_capab, vht_capab, qosinfo, wmm, ext_capab, ext_capab_len, supp_channels, supp_channels_len, supp_oper_classes, supp_oper_classes_len);
	}
	return -1;
}

static inline int wpa_sm_tdls_enable_channel_switch(struct wpa_sm *sm, const u8 *addr, u8 oper_class, const struct hostapd_freq_params *freq_params)
{
	if (sm->ctx->tdls_enable_channel_switch) {
		return sm->ctx->tdls_enable_channel_switch(sm->ctx->ctx, addr, oper_class, freq_params);
	}
	return -1;
}

static inline int wpa_sm_tdls_disable_channel_switch(struct wpa_sm *sm, const u8 *addr)
{
	if (sm->ctx->tdls_disable_channel_switch) {
		return sm->ctx->tdls_disable_channel_switch(sm->ctx->ctx, addr);
	}
	return -1;
}
#endif							/* CONFIG_TDLS */

static inline int wpa_sm_key_mgmt_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len)
{
	if (!sm->proactive_key_caching) {
		return 0;
	}
	if (!sm->ctx->key_mgmt_set_pmk) {
		return -1;
	}
	return sm->ctx->key_mgmt_set_pmk(sm->ctx->ctx, pmk, pmk_len);
}

void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck, size_t kck_len, int ver, const u8 *dest, u16 proto, u8 *msg, size_t msg_len, u8 *key_mic);
int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst, const struct wpa_eapol_key *key, int ver, const u8 *nonce, const u8 *wpa_ie, size_t wpa_ie_len, struct wpa_ptk *ptk);
int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, const struct wpa_eapol_key *key, u16 ver, u16 key_info, struct wpa_ptk *ptk);

int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, struct wpa_ptk *ptk);

void wpa_tdls_assoc(struct wpa_sm *sm);
void wpa_tdls_disassoc(struct wpa_sm *sm);

#endif							/* WPA_I_H */
